- redis 7.2.0
  - Bug Fixes
    - redis-cli in cluster mode handles unknown-endpoint (#12273)
    - Update request / response policy hints for a few commands
      (#12417)
    - Ensure that the function load timeout is disabled during
      loading from RDB/AOF and on replicas. (#12451)
    - Fix false success and a memory leak for ACL selector with bad
      parenthesis combination (#12452)
    - Fix the assertion when script timeout occurs after it
      signaled a blocked client (#12459)
  - Fixes for issues in previous releases of Redis 7.2
    - Update MONITOR client's memory correctly for INFO and
      client-eviction (#12420)
    - The response of cluster nodes was unnecessarily adding an
      extra comma when no hostname was present. (#12411)
- refreshed redis-conf.patch:
- switch to autosetup now that we switched the last patch to patch
  level 1
OBS-URL: https://build.opensuse.org/request/show/1104035
OBS-URL: https://build.opensuse.org/package/show/server:database/redis?expand=0&rev=228
- redis 7.0.12:
* (CVE-2022-24834) A specially crafted Lua script executing in Redis can trigger
a heap overflow in the cjson and cmsgpack libraries, and result in heap
corruption and potentially remote code execution. The problem exists in all
versions of Redis with Lua scripting support, starting from 2.6, and affects
only authenticated and authorized users. (bsc#1213193)
* (CVE-2023-36824) Extracting key names from a command and a list of arguments
may, in some cases, trigger a heap overflow and result in reading random heap
memory, heap corruption and potentially remote code execution. Specifically:
using COMMAND GETKEYS* and validation of key names in ACL rules. (bsc#1213249)
* Re-enable downscale rehashing while there is a fork child
* Fix possible hang in HRANDFIELD, SRANDMEMBER, ZRANDMEMBER when used with <count>
* Improve fairness issue in RANDOMKEY, HRANDFIELD, SRANDMEMBER, ZRANDMEMBER,
SPOP, and eviction
* Fix WAIT to be effective after a blocked module command being unblocked
* Avoid unnecessary full sync after master restart in a rare case
OBS-URL: https://build.opensuse.org/request/show/1098376
OBS-URL: https://build.opensuse.org/package/show/server:database/redis?expand=0&rev=226
- Update to version 7.0.5 (boo#1203638)
+ Security Fixes:
* (CVE-2022-35951) Executing a XAUTOCLAIM command on a stream key in a specific
state, with a specially crafted COUNT argument, may cause an integer overflow,
a subsequent heap overflow, and potentially lead to remote code execution.
The problem affects Redis versions 7.0.0 or newer
[reported by Xion (SeungHyun Lee) of KAIST GoN].
+ Module API changes
* Fix RM_Call execution of scripts when used with M/W/S flags to properly
handle script flags (#11159)
* Fix RM_SetAbsExpire and RM_GetAbsExpire API registration (#11025, #8564)
+ Bug Fixes
* Fix a hang when eviction is combined with lazy-free and maxmemory-eviction-tenacity is set to 100 (#11237)
* Fix a crash when a replica may attempt to set itself as its master as a result of a manual failover (#11263)
* Fix a bug where a cluster-enabled replica node may permanently set its master's hostname to '?' (#10696)
* Fix a crash when a Lua script returns a meta-table (#11032)
+ Fixes for issues in previous releases of Redis 7.0
* Fix redis-cli to do DNS lookup before sending CLUSTER MEET (#11151)
* Fix crash when a key is lazy expired during cluster key migration (#11176)
* Fix AOF rewrite to fsync the old AOF file when a new one is created (#11004)
* Fix some crashes involving a list containing entries larger than 1GB (#11242)
* Correctly handle scripts with a non-read-only shebang on a cluster replica (#11223)
* Fix memory leak when unloading a module (#11147)
* Fix bug with scripts ignoring client tracking NOLOOP (#11052)
* Fix client-side tracking breaking protocol when FLUSHDB / FLUSHALL / SWAPDB is used inside MULTI-EXEC (#11038)
* Fix ACL: BITFIELD with GET and also SET / INCRBY can be executed with read-only key permission (#11086)
* Fix missing sections for INFO ALL when also requesting a module info section (#11291)
OBS-URL: https://build.opensuse.org/request/show/1005288
OBS-URL: https://build.opensuse.org/package/show/server:database/redis?expand=0&rev=205
- redis 6.2.1
Bug fixes:
* Fix sanitize-dump-payload for stream with deleted records (#8568)
* Prevent client-query-buffer-limit config from being set to lower than 1mb (#8557)
Improvements:
* Make port, tls-port and bind config options modifiable at runtime (#8510)
Platform and deployment-related changes:
* Fix compilation error on non-glibc systems if jemalloc is not used (#8533)
* Improved memory consumption and memory usage tracking on FreeBSD (#8545)
* Fix compilation on ARM64 MacOS with jemalloc (#8458)
Modules:
* New Module API for getting user name of a client (#8508)
* Optimize RM_Call by utilizing a shared reusable client (#8516)
* Fix crash running CLIENT INFO via RM_Call (#8560)
- includes changes from 6.2.0 GA:
* Integer overflow on 32-bit systems (CVE-2021-21309)
Bug fixes:
* Avoid 32-bit overflows when proto-max-bulk-len is set high (#8522)
* Fix broken protocol in client tracking tracking-redir-broken message (#8456)
* Avoid unsafe field name characters in INFO commandstats, errorstats, modules (#8492)
* XINFO able to access expired keys during CLIENT PAUSE WRITE (#8436)
* Fix allowed length for REPLCONF ip-address, needed due to Sentinel's support for hostnames (#8517)
* Fix broken protocol in redis-benchmark when used with -a or --dbnum (#8486)
* XADD counts deleted records too when considering switching to a new listpack (#8390)
Bug fixes that are only applicable to previous releases of Redis 6.2:
* Fixes in GEOSEARCH bybox (accuracy and mismatch between width and height) (#8445)
* Fix risk of OOM panic in HRANDFIELD, ZRANDMEMBER commands with huge negative count (#8429)
* Fix duplicate replicas issue in Sentinel, needed due to hostname support (#8481)
* Fix Sentinel configuration rewrite, an improvement of #8271 (#8480)
OBS-URL: https://build.opensuse.org/request/show/877720
OBS-URL: https://build.opensuse.org/package/show/server:database/redis?expand=0&rev=169
- add BR pkgconfig(libsystemd) for the rewritten systemd support
and force building with it
- Update to 6.0.1
* https://raw.githubusercontent.com/antirez/redis/6.0.1/00-RELEASENOTES
* XCLAIM AOF/replicas propagation fixed.
* Client side caching: new NOLOOP option to avoid getting
notified about changes performed by ourselves.
* ACL GENPASS now uses HMAC-SHA256 and has an optional
"bits" argument. It means you can use it as a general purpose
"secure random strings" primitive!
* Cluster "SLOTS" subcommand memory optimization.
* The LCS command is now a subcommand of STRALGO.
* Meaningful offset for replicas as well. More successful
partial resynchronizations.
* Optimize memory usage of deferred replies.
* Faster CRC64 algorithm for faster RDB loading.
* XINFO STREAM FULL, a new subcommand to get the whole stream
state.
* CLIENT KILL USER <username>.
* MIGRATE AUTH2 option, for ACL style authentication support.
* Other random bugfixes.
OBS-URL: https://build.opensuse.org/request/show/800054
OBS-URL: https://build.opensuse.org/package/show/server:database/redis?expand=0&rev=143
- Refresh spec-file with spec-cleaner and manual optimizations
* Remove Group tag.
* Replace make by %make_build macros.
- Update to 5.0.8
* https://raw.githubusercontent.com/antirez/redis/5.0.8/00-RELEASENOTES
* Fix Pi building needing -latomic, backport.
* Fix impl of aof-child whitelist SIGUSR1 feature.
* Fix ThreadSafeContext lock/unlock function names.
* XREADGROUP should propagate XCLAIM/SETID in MULTI/EXEC.
* Fix client flags to be int64 in module.c.
* Fix small bugs related to replica and monitor ambiguity.
* Fix lua related memory leak.
* Simplify #6379 changes.
* Free allocated sds in pfdebugCommand() to avoid memory leak.
* Jump to right label on AOF parsing error.
* Free fakeclient argv on AOF error.
* Fix potential memory leak of rioWriteBulkStreamID().
* Fix potential memory leak of clusterLoadConfig().
* Fix bug on KEYS command where pattern starts with * followed by \x00.
* Blocking XREAD[GROUP] should always reply with valid data.
* XCLAIM: Create the consumer only on successful claims.
* Stream: Handle streamID-related edge cases.
* Fix ip and missing mode in RM_GetClusterNodeInfo().
* Inline protocol: handle empty strings well.
* Mark extern definition of SDS_NOINIT in sds.h.
* Fix revisit CVE-2015-8080 vulnerability.
* Avoid sentinel changes promoted_slave to be its own replica.
OBS-URL: https://build.opensuse.org/request/show/786036
OBS-URL: https://build.opensuse.org/package/show/server:database/redis?expand=0&rev=135
- Update to 5.0.7
* https://raw.githubusercontent.com/antirez/redis/5.0.7/00-RELEASENOTES
* Test: fix implementation-dependent test after code change.
* RED-31295 - redis: avoid race between dlopen and thread creation.
* Cluster: fix memory leak of cached master.
* Fix usage of server.stream_node_max_*.
* Update mkreleasehdr.sh.
* Remove additional space from comment.
* Fix stream test after addition of 0-0 ID test.
* AOF: fix assignment for aof_fsync_offset.
* Rename var to fixed_time_expire now that it is more general.
* Expires & blocking: handle ready keys as call().
* XADD with ID 0-0 stores an empty key.
* Fix unreported overflow in autogenerated stream IDs.
* Expires: refactoring judgment about whether a key is expired.
- Refresh reproducible.patch
- Update to 5.0.6
* https://raw.githubusercontent.com/antirez/redis/5.0.6/00-RELEASENOTES
* RDB: fix MODULE_AUX loading by continuing to next opcode.
* Missing per-skiplist overheads in MEMORY USAGE.
* RM_Log: add support for logging without a context or context
without module.
* Cluster: abort loading nodes data if vars arguments are unbalanced.
* More strict checks and better comments in flushSlaveOutputBuffers().
* Improve comment in flushSlavesOutputBuffers().
* Replication: clarify why repl_put_online_on_ack exists at all.
* Networking: flushSlavesOutputBuffers bugfix.
* RM_ReplyWithCString was missing registration.
* Fix to module aux data rdb format for backwards compatibility
with old check-rdb.
* Implement module api for aux data in rdb.
* Redis-cli: always report server errors on read errors.
* Reduce the calling stack.
* Make EMBSTR case of #6261 more obvious.
* Make memory usage consistent of robj with OBJ_ENCODING_INT.
* HyperLogLog: fix the fix of a corruption bug.
* Fix HLL corruption bug.
* Extend REDISMODULE_CTX_FLAGS to indicate if redis is currently
loading from either RDB or AOF.
* Uses addReplyBulkCString.
* Adds RedisModule_ReplyWithCString.
OBS-URL: https://build.opensuse.org/request/show/752707
OBS-URL: https://build.opensuse.org/package/show/server:database/redis?expand=0&rev=127